This Military Advisor Reveals Everything You Should Know About China's Cyber Threats Right Now

Retired Lieutenant Colonel Bill Hagestad — a leader in cyber security strategy — was recently interviewed about his insight into Chinese cyber activity and what the U.S. should be doing to prepare itself.

"It’s important because anyone, anywhere, regardless of the industry they’re in...cannot pick up a newspaper or read a blog without hearing about the cyber threats from the People’s Republic of China, regarding their use of cyber and information warfare."

On that note, he also shares his view of the U.S. military's weaknesses and the challenges it faces in countering Chinese cyber threats. Find out what he reveals, based on his conversation with Chris Archer of the IDGA.

How do Chinese Communism and the country's heritage relate to its activity in cyberspace?

"One has to go back no greater than 200 years to look at how the Chinese view the Western world. Perhaps further back, taking an example in history of the Mongol invasion of China.

"The Chinese are sick and tired of having foreign forces come and invade them and extract the natural resources of their country.

"They know they cannot defend themselves kinetically with the military they have, so what they have decided to do is take the high ground and take the advantage in the cyber realm, i.e. the internet, and take that fight to their foes through the use of Cyber and Information Warfare."

What should the US understand first about dealing with China?

"Understanding who China really is. And I think that is something that’s not known.

"There are a lot of people who say they’re China experts, I would never claim to be a China expert. All I can tell you is I love the country of China but I also love my country and when there is a unique crossroads of understanding one’s own culture and a foreign culture, only then can you start to be able to defeat it.

"There are many anecdotes from Sun Tzu, the Chinese war God from 500 B.C. His writings can give us some proper guidance in those regards."

How can the US prepare for Chinese cyber attacks?

"How can the U.S. government defend itself? I think the most important thing is to start to develop a concrete offensive and perhaps establish some political dialogue to go along with that, but when the political dialogue erodes, dissolves, or becomes useless they can go forward with offensive cyber capabilities and combine it with kinetic forms (physical things like bullets, bombs, and troops)."

Where have you seen the most common mistakes within the security of government networks?

"That’s easy. Take a look at all of the discoveries of Chinese attacks on corporate networks, military networks, and intelligence organizations.

"Typically they have been on a network for years, months, before they’re discovered. Typically information security professionals will use an intrusion prevention system to detect those so they can mitigate them in terms of isolating where that problem or breach is.

"Most current commercial intrusion prevention systems do guard against zero day traps but those are all English based. What I’ve discovered is that no one’s looking at attacks that are based in China in Chinese. The ultimate form of cryptography is the Chinese language."

What impact is China’s use of cyber espionage having on the military?

"The most distinct one is it’s a threat that’s not understood. For anyone in the military, if you don’t know or understand who your foe is you can’t possibly defeat them. I recall in January hearing from U.S. Cyber Command that they have not defined what cyber space is. As someone who has been to war a couple of times, I always brief my Marines and always prepare for success in going to combat by understanding what is the area of operations that I’m going to operate in.

"In the military, whether it’s the U.S. or the British or the Indonesian, or the Chinese, if you don’t understand where your foe is operating it’s hard to understand and limit their action and defeat them ultimately."

"The Filipino people are saying, ‘no that’s our territory’. In this case it started in the physical world where the Chinese were sending small naval frigates down to do a little push and shove with the Philippine Navy and fishermen are caught in the middle on both sides. The HuangYan Island situation has escalated into the cyber realm where the Chinese are taking down Filipino sites and vice versa. In fact, ‘Anonymous’ (a hacking network) has come to the aid of the Republic of the Philippines and is taking the Chinese to task in the cyber realm, so it’s gone from physical to cyber and hopefully the escalation of force will not go beyond the cyber where the Filipinos say we need the aid of a government like the U.S. who is building a presence in Australia and the Philippines and saying ‘help us defeat or mitigate the physical threat by the Chinese Navy’.

"That would be the worst thing that could possibly happen as a result of the cyber activity."

An increasing number of military equipment components are being sourced outside NATO countries. How can suppliers ensure no killer switches or malware has been embedded into what the military buys?

"Now when it’s written in a language other than English, granted it’s zeros and ones and the basic prose of electronic information and language, but if those ones and zeros are not recognized by reverse engineering or a scientific engineering lab that has been designed to detect malware or hit and kill switches, those hit and kill switches and malware may be baked in without being detected until after they’re given the ability to turn on in a critical system such as a weapons guidance or a satellite of some sort.

"It’s difficult. If the material’s going to be sourced outside of NATO countries it will need to be examined much more closely through the lens of a foreign language such as Chinese.

"Now remember, as a culture and a country, China had over 20,000 separate dialects that are possible combinations for writing use in malware. Granted, in 1949 Mandarin was standardized, but in terms of Mandarin Chinese there’s simple or ‘Pu Tong Hua’ language, and there’s complex characters, and then literary Chinese. You can imagine the cryptological combinations would be almost impossible to dictate or recognize even if you did know Chinese as a native speaker."

When will our defense catch up with the offense in terms of the military being able to fend off or deter electronic or information warfare?

"I think that the militaries are predisposed to go on the offensive. Right now they’re all in a defensive mode, meaning they’re protecting networks and critical pieces of information, but at some point it’s going to transition to the point where they’re going to use offensive cyber capability to defeat an enemy.

"The problem with attacking an enemy is attribution of where and who are bringing those attacks on the U.S. The critical piece that’s missing right now is there’s no attribution from offensive weapons capability in the cyber realm."